7.8
CVE-2021-38160
- EPSS 0.07%
- Published 07.08.2021 04:15:06
- Last modified 05.05.2025 14:12:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.24 < 4.4.276
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.276
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.240
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.198
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.134
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.52
Linux ≫ Linux Kernel Version >= 5.11 < 5.12.19
Linux ≫ Linux Kernel Version >= 5.13 < 5.13.4
Netapp ≫ Hci Bootstrap Os Version-
Netapp ≫ Hci Management Node Version-
Netapp ≫ Element Software Version-
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Redhat ≫ Enterprise Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.211 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.